Exemplo n.º 1
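        /// <summary>
        /// Shows the confirmation page for a pending API key creation request,
        /// looked up by its secret code.
        /// </summary>
        /// <param name="code">Secret of the API key creation request to confirm.</param>
        /// <returns>
        /// The confirmation view when the request exists, is not completed, is not
        /// expired and its owning user can be loaded; otherwise a redirect to Home/Index.
        /// </returns>
        public async Task<IActionResult> ConfirmApiKeyCreation(string code)
        {
            if (code == null)
            {
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            // NOTE(review): the secret code is the only thing visible here that selects the
            // request; nothing in this method compares apiKeyReq.ApplicationUserId with the
            // signed-in user. Confirm that is intended or enforced elsewhere (e.g. by an
            // authorization attribute that is not shown here).
            var apiKeyReq = _context.ApiKeyCreationRequests.SingleOrDefault(r => r.Secret == code);

            if (apiKeyReq == null || apiKeyReq.Completed || ApiKeyCreationRequestExpired(apiKeyReq))
            {
                this.FlashError("Invalid API KEY code");
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            var user = await _userManager.FindByIdAsync(apiKeyReq.ApplicationUserId);
            if (user == null)
            {
                // The owning account can no longer be resolved. Fail with the same generic
                // message instead of dereferencing null, so the response does not reveal
                // which check rejected the code.
                this.FlashError("Invalid API KEY code");
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            var model = new ConfirmApiKeyCreationViewModel
            {
                Code = code,
                DeviceName = apiKeyReq.RequestedDeviceName,
                TwoFactorRequired = user.TwoFactorEnabled
            };
            return View(model);
        }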
Exemplo n.º 2
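        /// <summary>
        /// Completes a pending API key creation request after the confirmation form is
        /// submitted, verifying an authenticator code first when the owning user has
        /// two-factor authentication enabled.
        /// </summary>
        /// <param name="model">Posted form data: the request secret, the device name and the optional two-factor code.</param>
        /// <returns>
        /// The confirmation view again when the authenticator code is rejected;
        /// otherwise a redirect to Home/Index with a success or error flash message.
        /// </returns>
        public async Task<IActionResult> ConfirmApiKeyCreation(ConfirmApiKeyCreationViewModel model)
        {
            // Model binding can hand over a null model; treat it like a missing code.
            if (model?.Code == null)
            {
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            // NOTE(review): the secret code is the only thing visible here that selects the
            // request; nothing in this method compares apiKeyReq.ApplicationUserId with the
            // signed-in user. Confirm that is intended or enforced elsewhere.
            var apiKeyReq = _context.ApiKeyCreationRequests.SingleOrDefault(r => r.Secret == model.Code);

            if (apiKeyReq == null || apiKeyReq.Completed || ApiKeyCreationRequestExpired(apiKeyReq))
            {
                this.FlashError("Invalid API KEY code");
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            var user = await _userManager.FindByIdAsync(apiKeyReq.ApplicationUserId);
            if (user == null)
            {
                // The owning account can no longer be resolved: refuse to complete the
                // request rather than dereferencing null, which would also skip the 2FA gate.
                this.FlashError("Invalid API KEY code");
                return RedirectToAction(nameof(HomeController.Index), "Home");
            }

            if (user.TwoFactorEnabled)
            {
                model.TwoFactorCode = model.TwoFactorCode ?? string.Empty;

                // Authenticator apps display codes with spaces or dashes; strip them before verifying.
                var authenticatorCode = model.TwoFactorCode.Replace(" ", string.Empty).Replace("-", string.Empty);
                var codeIsValid = await _userManager.VerifyTwoFactorTokenAsync(
                    user, _userManager.Options.Tokens.AuthenticatorTokenProvider, authenticatorCode);

                if (!codeIsValid)
                {
                    // NOTE(review): a rejected code is not counted against the account here;
                    // confirm that lockout or rate limiting for this endpoint exists elsewhere.

                    // Re-render from server-side state, not from the posted form values, so a
                    // tampered DeviceName or TwoFactorRequired field is not echoed back.
                    model.DeviceName = apiKeyReq.RequestedDeviceName;
                    model.TwoFactorRequired = true;

                    this.FlashError("Invalid authenticator code");
                    return View(model);
                }
            }

            // NOTE(review): this audit entry carries no user or request identifier.
            _logger.LogInformation("User confrimed a new apikey with api.");

            apiKeyReq.Completed = true;
            _context.ApiKeyCreationRequests.Update(apiKeyReq);
            _context.SaveChanges();

            // Report the device name stored with the request, not the client-supplied one.
            this.FlashSuccess($"API KEY ({apiKeyReq.RequestedDeviceName}) confirmed");
            return RedirectToAction(nameof(HomeController.Index), "Home");
        }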